EFFECTIVE DATE: September 1, 2017
Modified (clarified the role of Lumoa as data controller vs. processor): September 18, 2019
For the purposes of this policy, Lumoa defines the term “client” as a business with which Lumoa has an established relationship, “customer” as a customer of a Lumoa client, and “respondent” as an individual who responds Lumoa surveys.
Information Lumoa Collects
Lumoa does not receive, use or collect personally identifiable information, such as names, addresses, phone numbers and e-mail addresses, except under the following circumstances:
Data collected from clients and prospects (LUMOA AS A DATA CONTROLLER)
We collect your personal data typically when you purchase our service, use or register into our services, enter into a sales promotion or a campaign, or otherwise interact with us. Below are examples of the categories of the data we collect on you.
Information you provide us. When you register to our services, make a purchase, enter a sales promotion or otherwise interact with us, we may ask you to provide us with certain information such as your name, email address, street address, as well as user names, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you with the products and services you have requested or to communicate with you.
Product demo. When an existing or prospective client goes to www.lumoa.me to request a demonstration of a Lumoa service, he or she must provide personal contact details and organization-specific information. Lumoa also collects some marketing contact information such as name and email address through third parties. This information is used for marketing purposes only.
Newsletter and other marketing materials requiring subscription. When you sign up for our regular newsletter, we shall send you newsletter(s) or communications regarding products which may be of interest to you. If you no longer wish to receive these communications you can follow the unsubscribe instructions contained in each of the email communications you receive.
Testimonials. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name.
Blogs. Our Web site offers publicly accessible blogs with comment section. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
Data collected from customers and respondents (LUMOA AS A DATA processor)
When Lumoa surveys customers on behalf of its clients, it may receive customers’ personally identifiable information from its clients. These contact details are only used for the purposes specified in the contract. From time to time Lumoa may collect personally identifiable information during a survey, if requested to do so by a client. This personally identifiable information will be shared with the client, and will be used as described in that survey.
Lumoa may, with the written consent of its clients, ask questions of customers for whom it has received personally identifiable information, and use those responses in an aggregate form for business purposes. Before the use responses are stripped of personally identifying or client-identifying information and aggregated.
When collecting data from survey respondents, Lumoa does not collect any sensitive information such as social security numbers or health information. Lumoa does not seek to collect any information from or engage in any transactions with persons under the legal age in their respective country.
Where a consent from you to the processing of personal data is required under the applicable law, such consent will be obtained by appropriate mechanism such as ticking a box stating your consent, choosing technical settings for a service or website, or other statement or conduct clearly indicating your acceptance to the processing, depending on the product, website, service or application you are using.
Lumoa processes your personal data for the purposes described below. Please note that one or more purposes may apply simultaneously.
DATA COLLECTED FROM PROSPECTS (LUMOA AS A DATA CONTROLLER)
Development of products and services. We may process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalize our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customized content and advertising.
Communicating with you and marketing. We may process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalized marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services.
Profiling. We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analyzing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.
DATA COLLECTED FROM CLIENTS (LUMOA AS A DATA CONTROLLER)
Provision of products and services. We may process and use your personal data to provide you the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you, your employer organization and Lumoa. We may also process and use your personal data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses.
Development of products and services. We use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you.
Communicating with you and marketing. We may process and use your personal data to personalize our product related communications and to provide you with tips and recommendations on, for example, how to use the service, new features of our service or third party services closely related to our service. We may also use personal data to contact you for customer satisfaction queries.
Data collected from customers and respondents (LUMOA AS A DATA processor)
Lumoa is not in the business of selling or renting personally identifiable information gathered on its website or in the course of client work to third parties. Lumoa shares information with third parties, such as its clients, only as described in this policy or as described at the time information is collected. For example, Lumoa may, at the request of a client, ask you for your email address so a client can follow up with you about your responses to a survey. The provision of such information is typically voluntary, and at all times participation in a survey is voluntary.
The purposes of processing
We will retain your information for as long as needed to provide services to our clients. After the contract with the client ends, we shall retain the data for maximum of three months. All backups will be deleted within 30 days from this. We will retain the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Lumoa implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing personal data.
Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your personal data against unauthorized use or disclosure. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your personal data. All traffic is encrypted using Secure Socket Layer technology (SSL) or other encrypted tunnels.
We restrict access to personal information only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
We may disclose your personal data to third parties solely as stated below in this Policy, or as obligated by mandatory law.
International transfers. Our products and services are provided using resources and servers located inside European Union. If we need to transfer your data outside of EU, we take steps to ensure that adequate protection for your personal data is provided as required by applicable laws. For international transfers of your personal data, we generally rely on agreements that are based on the Standard Contractual Clauses (“SCCs”) of the European Commission.
Service Providers. From time to time, Lumoa may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer data to those third parties. Lumoa requires any such third party to maintain confidentiality of such data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your personal information only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.
Other disclosures. We may disclose and otherwise process your personal data in accordance with applicable laws to defend Lumoa’s legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers, for the purposes of such transactions.
Transfers of the personal data
Lumoa may use so called web beacons (or “pixel tags”) in connection with some websites. However, we do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve our services. Web beacons do not typically collect any other information than what your browser provides us with as a standard part of any internet communication. If you turn off cookies, the web beacon will no longer be able to track your specific activity. The web beacon may, however, continue to collect information of visits from your IP-address, but such information will no longer be personally identifiable.
If you wish to disable cookies, or want to be notified before they are placed, you may do this in your browser settings. However, we may not be able to provide certain services or you may not be able to view certain parts of this site if you have disabled cookies.
Clients and prospects (LUMOA AS A DATA CONTROLLER)
You may at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred in the marketing materials or below in this Policy. In some cases, especially if you wish us to delete or cease the processing of your personal data, this may also mean that we may not be able to continue to provide the services to you.
Customers and respondents (LUMOA AS A DATA processor)
Lumoa collects information under the direction of its Clients, and has no direct relationship with their customers whose personal data it processes.
We collect information for our clients, if you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the client that you interact with directly.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Lumoa’s Client (the data controller). If the Client requests Lumoa to remove the data, we will respond to their request within a reasonable timeframe.
In the event you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws or that Lumoa has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.
Complaint to the supervisory authority
Notification of changes
The data controller responsible for the purposes of the applicable data protection laws is: